Skip to content

22 March, 2023

Subscribe Advertise About Us
  • My Account
  • Register
  • Log In
  • Log Out

Board Agenda

  • Governance
  • Strategy
  • Risk
  • Ethics
  • News
    • Categories

      • View All
      • Board Moves
    • ethical decision-making

      Call for FTSE 100 companies to give guidance on ethics

      Most top firms have a published code of ethics, but many lack the framework to...

    • BlackRock Larry Fink Larry Fink puts focus on finance and inflation

      Although BlackRock’s CEO does not mention the term ‘ESG’ in his annual letter, he highlights...

    • woke silicon valley bank News round-up: this week in governance

      GOP declares SVB ‘woke’; banks slow to sustainability; fund managers accused of dodging voting risks;...

  • Insight
    • Categories

      • View all
      • Governance
      • Strategy
      • Risk
      • Ethics
      • Board Expertise
      • finance
      • Technology
    • data decision

      How to boost decision making

      Innovative digital tools can help boards to deliver against strategic objectives, but it is the...

    • remote working

      Navigating the new world of work

      Firms need to focus on building an inclusive environment and a culture of trust to...

    • digital transformation

      Digital transformation: Get the basics right

      Board involvement at the get-go will boost the chances of a successful digital transformation for...

  • Comment
      • View all
    • uncertainty in 2023

      Being a CEO in 2023: how to navigate uncertainty

      Agility, planning in the shorter term and bravery will all stand chief executives in good...

    • A week of business moving to the centre of human rights

      A week of events signals the initiatives underway to have companies play a central role...

    • audit reform IIA Why we need audit reform right now

      There is an "urgent need" for reform to the audit landscape as well as internal...

  • Interviews
      • View All Interviews
      • Podcasts
      • Webinars
    • life sciences podcast Reform of NHS levy ‘harms UK competitiveness’

      Boards in the pharmaceutical and life sciences sector face increasingly difficult decisions, according to a...

    • Board priorities 2023 Board priorities 2023: tact, trust and transparency

      We asked key figures what would help boards this year. The answers ranged from 'smarter...

    • Group of investors/shareholders in glass building Climate issues likely to figure prominently at next year’s AGMs

      A recent webinar heard that say-on-climate voting is expected to rise, while ESG remains a...

  • Careers
      • View all
      • Selection
      • Board Moves
    • female ceo Less than a third of FTSE 100 executives are women

      In Europe as a whole, only 7.7% of top companies’ chief executives are female, gender...

    • board size Performance declines as boards grow in size

      Researchers found that investment dropped by 2-3 percentage points as companies passed from 12 to...

    • Silicon Valley governance Silicon Valley improves its governance

      Big technology companies are stealing a march over other top corporates when it comes to...

  • Resource Centre
      • White Paper Downloads
      • Book Reviews
      • Corporate & Advisory Services
    • Gender diversity barometer

      Barometer of Gender Diversity in Governing Bodies in Europe

      The 2023 Barometer of Gender Diversity in Governing Bodies in Europe looks at the 16...

    • geopolitical risk airmic

      Navigating geopolitical risk

      Today, the future feels less secure, and optimism is more restrained. Taking decisions in an...

    • Edelman Trust Barometer 2023

      2023 Edelman Trust Barometer

      The report is the result of the Edelman Trust Institute's research, which sampled more than...

  • Events
  • Search by topic
    • Governance
    • Strategy
    • Risk
    • Ethics
    • Regulation
    • ESG
    • Investor Relations
    • Selection
    • Board Expertise
    • finance
    • Technology

Working from home? Stay alert to the risk of cyber-attacks

by Kamal Bechkoum on June 9, 2020

Covid-19 has made firms increasingly reliant upon their online networks and remote-working capabilities. But the threat from cyber-attacks has grown too.

Hacker launching cyber-attacks during Covid-19 crisis

Image: Ozrimoz/Shutterstock

Picture cyber-attacks on your organisation as being like any other scam—tenacious, infuriating and often playing on human weakness or error to achieve access to your most important resources.

The government’s Covid-19 “test, track and trace” smartphone app, piloted on the Isle of Wight, is a prime example of what can go wrong for organisations when a significant lack of trust comes into the equation.

According to a recent 1,000-person survey, almost half (48%) of people questioned about the NHSX contact-tracing app say they don’t trust the government to keep their information safe from hackers.

The poll also found that 43% of respondents are worried that using the app could give fraudsters an opportunity to launch phishing attacks by email or SMS. This is in addition to the thousands of fake Covid-19 domains springing up and being used to initiate a spate of recent online frauds.

Given that one of the most important public health and safety plans of our time appears to be struggling to assure the public of its authenticity and trustworthiness, how can business leaders make the right decisions to protect themselves and their stakeholders through these troubling times?

Devices and defences

In the first instance understand that a cyber-attack on your organisation is inevitable. It’s really not a question of “if”, but “when”.

Forecasts for the number of online-linked devices, otherwise known as the “Internet of Things” (IOT), in 2020 varies from between 26 billion to 75 billion. If there’s one lesson that can be learnt from the current pandemic it’s that more of us than ever before are working remotely—and often mixing the use of personal and professional devices to stay connected.

More of us than ever before are working remotely—and often mixing the use of personal and professional devices to stay connected

There is so much information created by these devices—up to and beyond 2.5 quintillion bytes—that 90% of the world’s data has been created in the past two years.

Considering this massive volume it is perhaps understandable that cyber-defences can never be 100% secure. The grand challenge facing all organisations is the need to improve their understanding of where cyber-attacks are most likely to come from, and engage in habitual good security practice at all levels of the organisation.

Board members need to be clear on how their organisation’s data and IT infrastructure is protected. To begin with, a threat register should consider criminals, “hacktivists”, competitors, hostile states, and insiders, alongside the following four top cybersecurity tips:

  1. Build a human firewall. People are the first line of defence. Lead by example and develop all of your policies and teams to be cyber-aware. Preparedness can’t simply be delegated to the IT department or executive. It has to be the responsibility of everyone.
  2. Update systems regularly. This should be done continuously to ensure the latest software versions and patches are in place to help systems become as airtight as possible.
  3. Ensure continuous security. There is no single event or graduation ceremony that guarantees the job is complete. Everyone within and connected to the organisation needs to appreciate that this is a continuously evolving process.
  4. Plan for the worst-case scenario. Who will take the lead on responding to an attack? How can the problem be solved? Who needs to be informed? What can be learnt and done to prevent similar cyber-attacks in the future?

Cyber-attacks, human errors

All IOT devices and systems are vulnerable. Malicious apps will often sit in the background for long periods of time collecting data until the time comes for them to strike.

One devastating example was the December 2015 Ukraine power grid cyber-attack, when hackers were able to compromise the information systems of three energy distribution companies and temporarily disrupted electricity supplies for around 230,000 consumers.

This is not massively different from what the average cyber-criminal might do to gain access to your bank account—and make no mistake, even the experts are vulnerable.

A huge 95% of internal breaches are caused by human error. Our default approach to all IOT systems should always be one of suspicion

Over the last year I’ve personally experienced six attempts to get into my own system and fell victim to a spear-phishing scam. This is an increasingly common form of attack where criminals attempt to gain sensitive information, such as usernames, passwords or credit card details, by disguising themselves as a trustworthy entity in an electronic communication.

After gaining access to my address book the fraudsters contacted 250 friends, family and associates, asking them to pay for Amazon purchases on “my” behalf. Two fell for it.

On another occasion, I’m somewhat embarrassed to admit, I attempted to book some hotel rooms for visiting guests in Cheltenham, but I only had 10 minutes spare to do this. I went onto an accommodation-booking website, made the payment and received an email stating that the booking could be confirmed within three days. Later I received a call from my bank querying a transaction from Istanbul for £1,100. Luckily they managed to block any further withdrawals.

A huge 95% of internal breaches are caused by human error. Our default approach to all IOT systems should always be one of suspicion.

At the University of Gloucestershire control systems access and privileges are managed in a very rigid way. As a head of school, even I can’t download anything on my PC and I’m happy about this. When you recruit new people they should be inducted into this kind of culture.

The pressures of the pandemic has left many of us tired, putting ourselves in a position where we might fail to properly check the veracity of texts or emails received before reacting. This is when it becomes very easy to overlook crucial details and let things slip by.

Don’t make the mistake of acting in haste. Breathe, regroup and take your time. Ask the right questions, double-check your actions and ensure that everyone is alert to the threat posed by cyber-attacks. Your business might just depend on it.

Professor Kamal Bechkoum is head of business and technology at the University of Gloucestershire.

  • Facebook
  • Twitter
  • Google+
  • LinkedIn
  • Mail

Related Posts

  • Companies must put equality at the heart of the race to zero
    November 10, 2021
    Trees reflected in buildings

    Singular pursuit of net-zero by 2050 could exacerbate inequality and derail our chances of a climate-resilient future.

  • Battle of the boards: risk, ESG and two-tier board structures
    April 22, 2022
    Board risk meeting

    There is an inherent conflict of interest between main and executive boards, with two different time horizons and two different risk impacts.

  • Paul Manduca takes the wheel as chair of Eurowag
    September 16, 2021
    Paul Manduca, Eurowag

    The former chair of Prudential and Aon UK has joined the board of the commercial road transport services provider.

  • Cutting quarterly reporting may undermine the value of companies
    November 2, 2021
    Quarterly results in cityscape

    Research suggests a decrease in quarterly reporting is linked to decreased company value—and impacts smaller firms more than larger firms.

For thoughtful journalism, expert insights on corporate governance and an extensive library of reports, guides and tools to help boards and directors navigate the complexities of their roles, subscribe to Board Agenda

board expertise, coronavirus, cybercrime, cybersecurity, Internet of Things, Kamal Bechkoum, remote working, Technology

Search


Sign up to our Newsletter

Receive independent news, thoughtful journalism & expert insights about leadership, corporate governance & key boardroom issues straight to your inbox every week.

SIGN UP

Follow Us

 

 

 

 

Most Popular

  • ESG resilience requires leaders to manage without certainty
  • News round-up: this week in governance
  • Being a CEO in 2023: how to navigate uncertainty
  • Sally Johnson joins Rentokil Initial as NED
  • How to boost decision making

Featured Partner Profile

Diligent

Diligent

Diligent Corporation, which was founded in 2001, is headquartered in New York, NY with a European HQ in London. Diligent’s modern governance platform empowers leaders and teams at every level of the organisation to digitally transform and create ...

Featured Partner Resources

2022 AGM Season Forecast: An Eye on The Horizon

To help prepare for AGMs in 2022, Equiniti (EQ) hi...

Stakeholder Engagement: A Roadmap for UK Plc Boards

This guide aims to provide directors and their col...

Digital Boards: How Technology Adoption is Driving Culture Change and Resiliency

Digital tools proved their worth to boards during ...
Leadership in AI report

Leadership in AI

This report from Board Agenda and Mazars, in assoc...
Creativity in a Crisis: a Boardroom Map for Innovation

Creativity in a Crisis: a Boardroom Map for Innovation

In the uncertain times at the height of any crisis...
Board Directors Guide to D&O Liability Insurance - November 2020 - AIG & Board Agenda

Board Directors' Guide to D&O Liability Insurance

Directors face liability over a range of new threa...
Leadership-in-Risk-Management-Board-Report

Leadership in Risk Management: Board Report

Board Agenda, in association with Mazars and INSEA...
Director's Guide to Internal Investigations

A Director's Guide to Conducting Internal Investigations

An internal investigation must be handled meticulo...

 


 

ADVERTISE – FREE CORPORATE LISTING

FREE - Add your company profile to our Corporate & Advisory Directory.
ADD

ADVERTISE – PROMOTE YOUR REPORTS & WHITEPAPERS

FREE - Add your company profile to our Corporate & Advisory Directory.
Add Resource

Register Free

Register to receive free article views, selected resource downloads, and all the latest news alerts straight to your inbox. Register


  • Editors & Contributors
  • Editorial Advisory Board
  • Corporate & Advisory Services
  • Media Marketing Solutions
  • Contact Us
  • Careers
  • Board Director Network
  • Terms & Conditions
  • Privacy Policy
  • Cookies
  • Sitemap
|